Exam PCNSA topic 1 question 360 discussion

Actual exam question from Palo Alto Networks's PCNSA
Question #: 360
Topic #: 1

The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named New_Admin. This new administrator has to authenticate without inserting any username or password to access the WebUI.

What steps should the administrator follow to create the New_Admin Administrator profile?

  • A. 1. Set the Authentication profile to Local.
    2. Select the "Use only client certificate authentication" check box.
    3. Set Role to Role Based.
  • B. 1. Select the "Use only client certificate authentication" check box.
    2. Set Role to Dynamic.
    3. Issue to the Client a Certificate with Certificate Name = New Admin
  • C. 1. Select the "Use only client certificate authentication" check box.
    2. Set Role to Dynamic.
    3. Issue to the Client a Certificate with Common Name = New_Admin
  • D. 1. Select the "Use only client certificate authentication" check box.
    2. Set Role to Role Based.
    3. Issue to the Client a Certificate with Common Name = New Admin
Suggested Answer: D

Comments

Jallic
4 days, 11 hours ago
Another thing that conflicts (at least this is what I think), I suggested going with C, however in the question it does mention customized privileges, which I believe would mean the role should be set to 'Role Based'. https://docs.paloaltonetworks.com/panorama/11-0/panorama-admin/panorama-overview/role-based-access-control/administrative-roles So realistically the answer would really be:
- Select the User Only client certificate
- Set Role to 'Role Based'
- Issue Client cert "New_Admin"
upvoted 1 times
...
Jallic
1 week, 5 days ago
Selected Answer: C
I believe the answer here is C, in the video I can see the role is set to 'Dynamic' and they specifically say the Common Name must match the user id (case sensitive).
upvoted 1 times
...
Apache207
2 months, 3 weeks ago
C. This setup ensures that the new administrator named New_Admin can authenticate using a client certificate without needing to enter a username or password. The "Dynamic" role setting allows the profile to be matched based on the certificate's Common Name.
upvoted 1 times
...
DIG_Tofu
6 months, 4 weeks ago
D seems correct. Spaces are allowed in common name, according to RFC 7468. I guess ._.
upvoted 2 times
...
Kaifus
10 months, 1 week ago
Soooo many holes in this question....
1) Common name is an IP or FQDN, not something like New Admin
2) Certificate Name cannot have spaces
That alone takes out B, C and D... A doesn't seem right either though given the context of the question. There has to be a certificate loaded on the client machine in order to do what the question is asking.
upvoted 1 times
...
jaredmcg13
11 months ago
A is the answer https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other